If you store any ePHI outside of AC (Scans, Faxes, word docs, etc.), that is still subject to the same requirements. Need to backup those, encrypt those, etc. So if you wanted a complete cloud solution, you would need to offload everything. There are a few providers that do that. (Rackspace, AWS, etc.) They are very expensive though. You could get a new server every few months.
Read those Cloud SLA's carefully. They are not responsible for data loss. The maximum amount they are liable for is your monthly payment. I'm sure they make backups, but if data loss does happen, it's not their fault. You can google around for cloud storage data loss. That's why a lot of them are implementing a local backup plan at the customer's site as well. Also, if there is a data breach, guess whose fault it is? (Hint: not the cloud provider). I'm sure the news will show you it doesn't matter if you have the deep pockets of Microsoft or Amazon, data breaches happen.
http://www.usatoday.com/story/cybertruth/2013/05/31/cloud-security-hacking-encryption/2375689/So, in summary, network security is still an issue. Physical security can be resolved by placing the server in a locked room and using disk encryption so I wouldn't consider that a major issue. Cloud is superb but it has its limitations and you need to be taking active steps to secure it as you would a local network. Make sure you understand what's secure and what isn't. You can never have too many backups.
These are a few of the reasons, many enterprises are not offloading any mission critical apps or sensitive data. The reality is the odds of a network attack in a small business are a lot smaller than an Internet attack. That's why AC recommends going wired over wireless. People need physical access to compromise the network.
The best solution is a hybrid system that utilizes the strengths of both.